I’ve recently been building an issue tracker using Node called Leaf. It’s a fun project that lets me dive into Node and learn its pros and cons. It uses a number of services that require either API keys or username/password combinations and I ran into the problem of how to secure these sensitive bits of information so that anyone browsing my Github repository wouldn’t be able to sign into those accounts for nefarious purposes.

Leaf is using a couple of different services. It uses Travis for continuous integration and Heroku for scalable hosting (both are excellent, by the way). The convention for configuration variables in Node is to use environment variables, which means that for every environment that builds and runs the application, we have to set the environment variables that correspond to each of our configuration variables. It’s quite the pain in the ass. I’ve broken down this post into three sections, one each for setting the appropriate environment variables locally, for Travis and for Heroku.